CVE-2014-4062 | Vulnerability Database | Aqua Security

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka .NET ASLR Vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
.net_framework	Microsoft	1.1-sp1 (including)	1.1-sp1 (including)
.net_framework	Microsoft	2.0-sp2 (including)	2.0-sp2 (including)
.net_framework	Microsoft	3.0-sp2 (including)	3.0-sp2 (including)
.net_framework	Microsoft	3.5 (including)	3.5 (including)
.net_framework	Microsoft	3.5.1 (including)	3.5.1 (including)

References

http://www.securityfocus.com/bid/69145
http://www.securitytracker.com/id/1030721
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-046
http://www.securityfocus.com/bid/69145
http://www.securitytracker.com/id/1030721
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-046

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-4062
CWE	https://cwe.mitre.org/data/definitions/264.html